chore(deps-dev): bump the lerna-lite group with 3 updates

[dependabot]

Bumps the lerna-lite group with 3 updates: @lerna-lite/cli, @lerna-lite/publish and @lerna-lite/version.

Updates @lerna-lite/cli from 4.11.3 to 5.0.0

Release notes

Sourced from @​lerna-lite/cli's releases.

v5.0.0

5.0.0 (2026-04-02)

📢 Major 5.0 Release ⚠️

NodeJS 20 will be EOL by the end of April, so it's time for another Lerna-Lite major release and a Node requirement bump. Below is the list of breaking changes:

1. removed the Conventional Changelog legacy API that allowed reading config from external file (it was deprecated years ago). It is now accepting only configuration through lerna.json file (when using custom changelogPreset).
   • for users of Commitlint and/or conventional-changelog-conventionalcommits, please make sure to update to their latest versions to avoid any problems
2. last year lerna publish --remove-package-fields option was renamed and its old name deprecated, the old name is now officially removed. This mean that only the new option name is valid, so make sure to use:
   • --strip-package-keys
3. NodeJS requirement is now ^22.17.0 || >=24.0.0 which is allowing the use of even more native NodeJS code (e.g. util.styleText() and import.meta.dirname)

... and that's it!

to see the complete list of all previous migrations, take a look at: all Release Migrations

New Requirements

• drop Node 20 support, which will be EOL in April, we now require Node ^22.17.0 || >=24.0.0

Some Project Statistics

What happened since the last major version?

• download nearly doubled to ~2M/year (in comparison Lerna also grew from 62M to 84M/year)
  • Lerna-Lite grew by almost 100% while Lerna grew by 35%... so Lerna-Lite is small, but growing steadily
• OIDC trusted publishing was added just a few months ago (Lerna-Lite itself also uses it to publish)
• extended Catalog support, pnpm catalog was added in last major version, and more recently I added support for all 3 package managers (pnpm, Yarn and even Bun)
  • for reference Lerna does not support Catalog
• also following e18e initiative, more focus was put on using more native code. Allowing Lerna-Lite install size to keep decreasing, for example the publish command (which includes version) install size is now at 33Mb/257 packages (ref node-module-inspector)
  • in comparison v1.0 was at 62Mb/454 packages, that's nearly half its original size and external packages.
  • also in comparison, the original Lerna (all-in-one tool) pulls in a whopping 138Mb/499 packages
• a few different features were added during the year
  • (auto) Comments on resolved issues/PRs when pushing a new release (see docs)
  • lerna version --release-header-message / --release-footer-message (could be used to add sponsors)
• and finally a couple of large projects migrated to Lerna-Lite during the past year:
  • Vuetify / Inquirer / ... and more

in conclusion, Lerna-Lite continues to be a great alternative to the original Lerna project and is Nx free. Most users like its modular approach (install only what you want) which is a huge distinction compared to the original (all-in-one) Lerna. There's also a few Lerna-Lite unique features that were added over the past few years that Lerna doesn't have... there's many more reasons to use Lerna-Lite, you can read more about the subject on the main readme page (About Lerna-Lite)

That's it for now, thanks ⭐ 🚀

A big Thanks to all my Sponsors and Happy Coding 🐉

... (truncated)

Changelog

Sourced from @​lerna-lite/cli's changelog.

5.0.0 (2026-04-02)

[!NOTE] Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#1302)
• build: use module --nodenext instead of bundler/esnext (#1301)
• bump NodeJS requirement to Node v22.17 (#1299)
• remove deprecated code --remove-package-fields (#1295)

Code Refactoring

• build: use module --nodenext instead of bundler/esnext (#1301) (14990ba) - by @​ghiscoding
• bump NodeJS requirement to Node v22.17 (#1299) (91ca715) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#1302) (9a4f686) - by @​ghiscoding

4.11.5 (2026-03-14)

Note: Version bump only for package @​lerna-lite/cli

4.11.4 (2026-03-07)

Note: Version bump only for package @​lerna-lite/cli

Commits

• 75dc11d chore(release): publish new version v5.0.0
• 9a4f686 refactor!: use native import.meta.dirname/filename (#1302)
• 14990ba refactor(build)!: use module --nodenext instead of bundler/esnext (#1301)
• 91ca715 refactor!: bump NodeJS requirement to Node v22.17 (#1299)
• 072c863 refactor!: remove deprecated code --remove-package-fields (#1295)
• 934f915 chore(release): publish new version v4.11.5
• 78e53c3 chore(release): publish new version v4.11.4
• See full diff in compare view

Updates @lerna-lite/publish from 4.11.3 to 5.0.0

Release notes

Sourced from @​lerna-lite/publish's releases.

v5.0.0

5.0.0 (2026-04-02)

📢 Major 5.0 Release ⚠️

NodeJS 20 will be EOL by the end of April, so it's time for another Lerna-Lite major release and a Node requirement bump. Below is the list of breaking changes:

1. removed the Conventional Changelog legacy API that allowed reading config from external file (it was deprecated years ago). It is now accepting only configuration through lerna.json file (when using custom changelogPreset).
   • for users of Commitlint and/or conventional-changelog-conventionalcommits, please make sure to update to their latest versions to avoid any problems
2. last year lerna publish --remove-package-fields option was renamed and its old name deprecated, the old name is now officially removed. This mean that only the new option name is valid, so make sure to use:
   • --strip-package-keys
3. NodeJS requirement is now ^22.17.0 || >=24.0.0 which is allowing the use of even more native NodeJS code (e.g. util.styleText() and import.meta.dirname)

... and that's it!

to see the complete list of all previous migrations, take a look at: all Release Migrations

New Requirements

• drop Node 20 support, which will be EOL in April, we now require Node ^22.17.0 || >=24.0.0

Some Project Statistics

What happened since the last major version?

• download nearly doubled to ~2M/year (in comparison Lerna also grew from 62M to 84M/year)
  • Lerna-Lite grew by almost 100% while Lerna grew by 35%... so Lerna-Lite is small, but growing steadily
• OIDC trusted publishing was added just a few months ago (Lerna-Lite itself also uses it to publish)
• extended Catalog support, pnpm catalog was added in last major version, and more recently I added support for all 3 package managers (pnpm, Yarn and even Bun)
  • for reference Lerna does not support Catalog
• also following e18e initiative, more focus was put on using more native code. Allowing Lerna-Lite install size to keep decreasing, for example the publish command (which includes version) install size is now at 33Mb/257 packages (ref node-module-inspector)
  • in comparison v1.0 was at 62Mb/454 packages, that's nearly half its original size and external packages.
  • also in comparison, the original Lerna (all-in-one tool) pulls in a whopping 138Mb/499 packages
• a few different features were added during the year
  • (auto) Comments on resolved issues/PRs when pushing a new release (see docs)
  • lerna version --release-header-message / --release-footer-message (could be used to add sponsors)
• and finally a couple of large projects migrated to Lerna-Lite during the past year:
  • Vuetify / Inquirer / ... and more

in conclusion, Lerna-Lite continues to be a great alternative to the original Lerna project and is Nx free. Most users like its modular approach (install only what you want) which is a huge distinction compared to the original (all-in-one) Lerna. There's also a few Lerna-Lite unique features that were added over the past few years that Lerna doesn't have... there's many more reasons to use Lerna-Lite, you can read more about the subject on the main readme page (About Lerna-Lite)

That's it for now, thanks ⭐ 🚀

A big Thanks to all my Sponsors and Happy Coding 🐉

... (truncated)

Changelog

Sourced from @​lerna-lite/publish's changelog.

5.0.0 (2026-04-02)

[!NOTE] Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#1302)
• bump NodeJS requirement to Node v22.17 (#1299)
• remove deprecated code --remove-package-fields (#1295)
• core: replace tinyrainbow with native util.styleText() (#1293)

Bug Fixes

• deps: update all non-major dependencies (#1289) (530905f) - by @​renovate[bot]
• npmlog: replace has-unicode with internal implementation (#1284) (c729652) - by @​ghiscoding
• publish: replace byte-size with internal implementation (#1283) (ae8867d) - by @​ghiscoding
• publish: show output from publish and postpublish lifecycle scripts (#1287) (d5faf1b) - by @​ghiscoding

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#1293) (1d36057) - by @​ghiscoding
• remove deprecated code --remove-package-fields (#1295) (072c863) - by @​ghiscoding
• use native import.meta.dirname/filename (#1302) (9a4f686) - by @​ghiscoding

4.11.5 (2026-03-14)

Bug Fixes

• core: remove p-pipe, p-reduce (#1280) (d298ef1) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#1277) (819c5c9) - by @​ghiscoding
• deps: update all non-major dependencies (#1274) (9351be2) - by @​renovate[bot]
• deps: update dependency tar to v7.5.11 [security] (#1273) (6ac77a9) - by @​ghiscoding

4.11.4 (2026-03-07)

Bug Fixes

• deps: update all non-major dependencies (#1269) (6c82fab) - by @​renovate[bot]
• deps: update dependency tar to v7.5.10 [security] (#1272) (f2e9bbf) - by @​renovate[bot]

Commits

• 75dc11d chore(release): publish new version v5.0.0
• 530905f fix(deps): update all non-major dependencies (#1289)
• 9a4f686 refactor!: use native import.meta.dirname/filename (#1302)
• 91ca715 refactor!: bump NodeJS requirement to Node v22.17 (#1299)
• 072c863 refactor!: remove deprecated code --remove-package-fields (#1295)
• 1d36057 refactor(core)!: replace tinyrainbow with native util.styleText() (#1293)
• d5faf1b fix(publish): show output from publish and postpublish lifecycle scripts (#1287)
• c729652 fix(npmlog): replace has-unicode with internal implementation (#1284)
• ae8867d fix(publish): replace byte-size with internal implementation (#1283)
• 934f915 chore(release): publish new version v4.11.5
• Additional commits viewable in compare view

Updates @lerna-lite/version from 4.11.3 to 5.0.0

Release notes

Sourced from @​lerna-lite/version's releases.

v5.0.0

5.0.0 (2026-04-02)

📢 Major 5.0 Release ⚠️

NodeJS 20 will be EOL by the end of April, so it's time for another Lerna-Lite major release and a Node requirement bump. Below is the list of breaking changes:

1. removed the Conventional Changelog legacy API that allowed reading config from external file (it was deprecated years ago). It is now accepting only configuration through lerna.json file (when using custom changelogPreset).
   • for users of Commitlint and/or conventional-changelog-conventionalcommits, please make sure to update to their latest versions to avoid any problems
2. last year lerna publish --remove-package-fields option was renamed and its old name deprecated, the old name is now officially removed. This mean that only the new option name is valid, so make sure to use:
   • --strip-package-keys
3. NodeJS requirement is now ^22.17.0 || >=24.0.0 which is allowing the use of even more native NodeJS code (e.g. util.styleText() and import.meta.dirname)

... and that's it!

to see the complete list of all previous migrations, take a look at: all Release Migrations

New Requirements

• drop Node 20 support, which will be EOL in April, we now require Node ^22.17.0 || >=24.0.0

Some Project Statistics

What happened since the last major version?

• download nearly doubled to ~2M/year (in comparison Lerna also grew from 62M to 84M/year)
  • Lerna-Lite grew by almost 100% while Lerna grew by 35%... so Lerna-Lite is small, but growing steadily
• OIDC trusted publishing was added just a few months ago (Lerna-Lite itself also uses it to publish)
• extended Catalog support, pnpm catalog was added in last major version, and more recently I added support for all 3 package managers (pnpm, Yarn and even Bun)
  • for reference Lerna does not support Catalog
• also following e18e initiative, more focus was put on using more native code. Allowing Lerna-Lite install size to keep decreasing, for example the publish command (which includes version) install size is now at 33Mb/257 packages (ref node-module-inspector)
  • in comparison v1.0 was at 62Mb/454 packages, that's nearly half its original size and external packages.
  • also in comparison, the original Lerna (all-in-one tool) pulls in a whopping 138Mb/499 packages
• a few different features were added during the year
  • (auto) Comments on resolved issues/PRs when pushing a new release (see docs)
  • lerna version --release-header-message / --release-footer-message (could be used to add sponsors)
• and finally a couple of large projects migrated to Lerna-Lite during the past year:
  • Vuetify / Inquirer / ... and more

in conclusion, Lerna-Lite continues to be a great alternative to the original Lerna project and is Nx free. Most users like its modular approach (install only what you want) which is a huge distinction compared to the original (all-in-one) Lerna. There's also a few Lerna-Lite unique features that were added over the past few years that Lerna doesn't have... there's many more reasons to use Lerna-Lite, you can read more about the subject on the main readme page (About Lerna-Lite)

That's it for now, thanks ⭐ 🚀

A big Thanks to all my Sponsors and Happy Coding 🐉

... (truncated)

Changelog

Sourced from @​lerna-lite/version's changelog.

5.0.0 (2026-04-02)

[!NOTE] Please visit the v5.0.0 release for more details about the migration.

⚠ BREAKING CHANGES

• use native import.meta.dirname/filename (#1302)
• bump NodeJS requirement to Node v22.17 (#1299)
• drop conventional-changelog legacy API for local preset file (#1296)
• core: replace tinyrainbow with native util.styleText() (#1293)

Bug Fixes

• deps: update conventional-changelog packages (#1304) (ee684a7) - by @​renovate[bot]

Code Refactoring

• bump NodeJS requirement to Node v22.17 (#1299) (91ca715) - by @​ghiscoding
• core: replace tinyrainbow with native util.styleText() (#1293) (1d36057) - by @​ghiscoding
• drop conventional-changelog legacy API for local preset file (#1296) (c299059) - by @​ghiscoding
• use native import.meta.dirname/filename (#1302) (9a4f686) - by @​ghiscoding

4.11.5 (2026-03-14)

Bug Fixes

• core: remove p-pipe, p-reduce (#1280) (d298ef1) - by @​ghiscoding
• deps: remove set-blocking, is-stream (#1276) (8f0d1e3) - by @​ghiscoding
• deps: replace uuid, pify with native Node.js APIs (#1275) (7bd09e2) - by @​ghiscoding
• deps: replace write-pkg with internal writePackage utility (#1277) (819c5c9) - by @​ghiscoding

4.11.4 (2026-03-07)

Bug Fixes

• deps: update conventional-changelog packages (#1270) (dcd5910) - by @​renovate[bot]

Commits

• 75dc11d chore(release): publish new version v5.0.0
• ee684a7 fix(deps): update conventional-changelog packages (#1304)
• 9a4f686 refactor!: use native import.meta.dirname/filename (#1302)
• 4cfddb8 chore: ignore line for text coverage
• 91ca715 refactor!: bump NodeJS requirement to Node v22.17 (#1299)
• c299059 refactor!: drop conventional-changelog legacy API for local preset file (#1296)
• 1d36057 refactor(core)!: replace tinyrainbow with native util.styleText() (#1293)
• 27fa3a0 docs: remove note about commitlint conventional changelog overrides
• 934f915 chore(release): publish new version v4.11.5
• d298ef1 fix(core): remove p-pipe, p-reduce (#1280)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​lerna-lite/​cli@​4.11.3 ⏵ 5.0.0				+2
	@​inquirer/​core@​10.3.2 ⏵ 11.1.8	+1			-1
	@​lerna-lite/​publish@​4.11.3 ⏵ 5.0.0	+1			+1
	@​lerna-lite/​version@​4.11.3 ⏵ 5.0.0	+1			+1

View full report